diff -rup '--exclude=*.mod.c' '--exclude=*.map' '--exclude=*.S' '--exclude=config_data.h' '--exclude=zoffset.h' '--exclude=vmlinux.lds' '--exclude=vdso32.lds' '--exclude=vdso.lds' '--exclude=realmode.lds' '--exclude=randomize_layout_hash.h' '--exclude=utsrelease.h' '--exclude=randomize_layout_seed.h' '--exclude=.version' '--exclude=asm-offsets.h' '--exclude=asm-offsets.s' '--exclude=auto.conf' '--exclude=auto.cmd' '--exclude=auto.conf.cmd' '--exclude=autoconf.h' '--exclude=compile.h' '--exclude=kernel.release' '--exclude=tristate.conf' -- linux-4.2.6-hardened/arch/x86/include/uapi/asm/svm.h linux-4.2.6-hardened-r1/arch/x86/include/uapi/asm/svm.h
--- linux-4.2.6-hardened/arch/x86/include/uapi/asm/svm.h	2015-08-30 20:34:09.000000000 +0200
+++ linux-4.2.6-hardened-r1/arch/x86/include/uapi/asm/svm.h	2015-11-14 04:35:05.787267256 +0100
@@ -100,6 +100,7 @@
 	{ SVM_EXIT_EXCP_BASE + UD_VECTOR,       "UD excp" }, \
 	{ SVM_EXIT_EXCP_BASE + PF_VECTOR,       "PF excp" }, \
 	{ SVM_EXIT_EXCP_BASE + NM_VECTOR,       "NM excp" }, \
+	{ SVM_EXIT_EXCP_BASE + AC_VECTOR,       "AC excp" }, \
 	{ SVM_EXIT_EXCP_BASE + MC_VECTOR,       "MC excp" }, \
 	{ SVM_EXIT_INTR,        "interrupt" }, \
 	{ SVM_EXIT_NMI,         "nmi" }, \
diff -rup '--exclude=*.mod.c' '--exclude=*.map' '--exclude=*.S' '--exclude=config_data.h' '--exclude=zoffset.h' '--exclude=vmlinux.lds' '--exclude=vdso32.lds' '--exclude=vdso.lds' '--exclude=realmode.lds' '--exclude=randomize_layout_hash.h' '--exclude=utsrelease.h' '--exclude=randomize_layout_seed.h' '--exclude=.version' '--exclude=asm-offsets.h' '--exclude=asm-offsets.s' '--exclude=auto.conf' '--exclude=auto.cmd' '--exclude=auto.conf.cmd' '--exclude=autoconf.h' '--exclude=compile.h' '--exclude=kernel.release' '--exclude=tristate.conf' -- linux-4.2.6-hardened/arch/x86/kvm/svm.c linux-4.2.6-hardened-r1/arch/x86/kvm/svm.c
--- linux-4.2.6-hardened/arch/x86/kvm/svm.c	2015-11-12 05:34:48.474116727 +0100
+++ linux-4.2.6-hardened-r1/arch/x86/kvm/svm.c	2015-11-14 04:35:05.950599693 +0100
@@ -1106,6 +1106,8 @@ static void init_vmcb(struct vcpu_svm *s
 	set_exception_intercept(svm, PF_VECTOR);
 	set_exception_intercept(svm, UD_VECTOR);
 	set_exception_intercept(svm, MC_VECTOR);
+	set_exception_intercept(svm, AC_VECTOR);
+	set_exception_intercept(svm, DB_VECTOR);
 
 	set_intercept(svm, INTERCEPT_INTR);
 	set_intercept(svm, INTERCEPT_NMI);
@@ -1641,20 +1643,13 @@ static void svm_set_segment(struct kvm_v
 	mark_dirty(svm->vmcb, VMCB_SEG);
 }
 
-static void update_db_bp_intercept(struct kvm_vcpu *vcpu)
+static void update_bp_intercept(struct kvm_vcpu *vcpu)
 {
 	struct vcpu_svm *svm = to_svm(vcpu);
 
-	clr_exception_intercept(svm, DB_VECTOR);
 	clr_exception_intercept(svm, BP_VECTOR);
 
-	if (svm->nmi_singlestep)
-		set_exception_intercept(svm, DB_VECTOR);
-
 	if (vcpu->guest_debug & KVM_GUESTDBG_ENABLE) {
-		if (vcpu->guest_debug &
-		    (KVM_GUESTDBG_SINGLESTEP | KVM_GUESTDBG_USE_HW_BP))
-			set_exception_intercept(svm, DB_VECTOR);
 		if (vcpu->guest_debug & KVM_GUESTDBG_USE_SW_BP)
 			set_exception_intercept(svm, BP_VECTOR);
 	} else
@@ -1760,7 +1755,6 @@ static int db_interception(struct vcpu_s
 		if (!(svm->vcpu.guest_debug & KVM_GUESTDBG_SINGLESTEP))
 			svm->vmcb->save.rflags &=
 				~(X86_EFLAGS_TF | X86_EFLAGS_RF);
-		update_db_bp_intercept(&svm->vcpu);
 	}
 
 	if (svm->vcpu.guest_debug &
@@ -1795,6 +1789,12 @@ static int ud_interception(struct vcpu_s
 	return 1;
 }
 
+static int ac_interception(struct vcpu_svm *svm)
+{
+	kvm_queue_exception_e(&svm->vcpu, AC_VECTOR, 0);
+	return 1;
+}
+
 static void svm_fpu_activate(struct kvm_vcpu *vcpu)
 {
 	struct vcpu_svm *svm = to_svm(vcpu);
@@ -3369,6 +3369,7 @@ static int (*const svm_exit_handlers[])(
 	[SVM_EXIT_EXCP_BASE + PF_VECTOR]	= pf_interception,
 	[SVM_EXIT_EXCP_BASE + NM_VECTOR]	= nm_interception,
 	[SVM_EXIT_EXCP_BASE + MC_VECTOR]	= mc_interception,
+	[SVM_EXIT_EXCP_BASE + AC_VECTOR]	= ac_interception,
 	[SVM_EXIT_INTR]				= intr_interception,
 	[SVM_EXIT_NMI]				= nmi_interception,
 	[SVM_EXIT_SMI]				= nop_on_interception,
@@ -3756,7 +3757,6 @@ static void enable_nmi_window(struct kvm
 	 */
 	svm->nmi_singlestep = true;
 	svm->vmcb->save.rflags |= (X86_EFLAGS_TF | X86_EFLAGS_RF);
-	update_db_bp_intercept(vcpu);
 }
 
 static int svm_set_tss_addr(struct kvm *kvm, unsigned int addr)
@@ -4382,7 +4382,7 @@ static struct kvm_x86_ops svm_x86_ops =
 	.vcpu_load = svm_vcpu_load,
 	.vcpu_put = svm_vcpu_put,
 
-	.update_db_bp_intercept = update_db_bp_intercept,
+	.update_db_bp_intercept = update_bp_intercept,
 	.get_msr = svm_get_msr,
 	.set_msr = svm_set_msr,
 	.get_segment_base = svm_get_segment_base,
diff -rup '--exclude=*.mod.c' '--exclude=*.map' '--exclude=*.S' '--exclude=config_data.h' '--exclude=zoffset.h' '--exclude=vmlinux.lds' '--exclude=vdso32.lds' '--exclude=vdso.lds' '--exclude=realmode.lds' '--exclude=randomize_layout_hash.h' '--exclude=utsrelease.h' '--exclude=randomize_layout_seed.h' '--exclude=.version' '--exclude=asm-offsets.h' '--exclude=asm-offsets.s' '--exclude=auto.conf' '--exclude=auto.cmd' '--exclude=auto.conf.cmd' '--exclude=autoconf.h' '--exclude=compile.h' '--exclude=kernel.release' '--exclude=tristate.conf' -- linux-4.2.6-hardened/arch/x86/kvm/vmx.c linux-4.2.6-hardened-r1/arch/x86/kvm/vmx.c
--- linux-4.2.6-hardened/arch/x86/kvm/vmx.c	2015-11-12 05:34:48.477450042 +0100
+++ linux-4.2.6-hardened-r1/arch/x86/kvm/vmx.c	2015-11-14 04:35:05.953933008 +0100
@@ -1567,7 +1567,7 @@ static void update_exception_bitmap(stru
 	u32 eb;
 
 	eb = (1u << PF_VECTOR) | (1u << UD_VECTOR) | (1u << MC_VECTOR) |
-	     (1u << NM_VECTOR) | (1u << DB_VECTOR);
+	     (1u << NM_VECTOR) | (1u << DB_VECTOR) | (1u << AC_VECTOR);
 	if ((vcpu->guest_debug &
 	     (KVM_GUESTDBG_ENABLE | KVM_GUESTDBG_USE_SW_BP)) ==
 	    (KVM_GUESTDBG_ENABLE | KVM_GUESTDBG_USE_SW_BP))
@@ -5129,6 +5129,9 @@ static int handle_exception(struct kvm_v
 		return handle_rmode_exception(vcpu, ex_no, error_code);
 
 	switch (ex_no) {
+	case AC_VECTOR:
+		kvm_queue_exception_e(vcpu, AC_VECTOR, error_code);
+		return 1;
 	case DB_VECTOR:
 		dr6 = vmcs_readl(EXIT_QUALIFICATION);
 		if (!(vcpu->guest_debug &
diff -rup '--exclude=*.mod.c' '--exclude=*.map' '--exclude=*.S' '--exclude=config_data.h' '--exclude=zoffset.h' '--exclude=vmlinux.lds' '--exclude=vdso32.lds' '--exclude=vdso.lds' '--exclude=realmode.lds' '--exclude=randomize_layout_hash.h' '--exclude=utsrelease.h' '--exclude=randomize_layout_seed.h' '--exclude=.version' '--exclude=asm-offsets.h' '--exclude=asm-offsets.s' '--exclude=auto.conf' '--exclude=auto.cmd' '--exclude=auto.conf.cmd' '--exclude=autoconf.h' '--exclude=compile.h' '--exclude=kernel.release' '--exclude=tristate.conf' -- linux-4.2.6-hardened/.config linux-4.2.6-hardened-r1/.config
--- linux-4.2.6-hardened/.config	2015-11-12 12:50:46.816053791 +0100
+++ linux-4.2.6-hardened-r1/.config	2015-11-14 04:50:01.042354592 +0100
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.2.6-hardened Kernel Configuration
+# Linux/x86 4.2.6-hardened-r1 Kernel Configuration
 #
 CONFIG_64BIT=y
 CONFIG_X86_64=y
diff -rup '--exclude=*.mod.c' '--exclude=*.map' '--exclude=*.S' '--exclude=config_data.h' '--exclude=zoffset.h' '--exclude=vmlinux.lds' '--exclude=vdso32.lds' '--exclude=vdso.lds' '--exclude=realmode.lds' '--exclude=randomize_layout_hash.h' '--exclude=utsrelease.h' '--exclude=randomize_layout_seed.h' '--exclude=.version' '--exclude=asm-offsets.h' '--exclude=asm-offsets.s' '--exclude=auto.conf' '--exclude=auto.cmd' '--exclude=auto.conf.cmd' '--exclude=autoconf.h' '--exclude=compile.h' '--exclude=kernel.release' '--exclude=tristate.conf' -- linux-4.2.6-hardened/drivers/net/ethernet/realtek/r8169.c linux-4.2.6-hardened-r1/drivers/net/ethernet/realtek/r8169.c
--- linux-4.2.6-hardened/drivers/net/ethernet/realtek/r8169.c	2015-11-12 05:34:49.257445762 +0100
+++ linux-4.2.6-hardened-r1/drivers/net/ethernet/realtek/r8169.c	2015-11-14 04:35:06.723928783 +0100
@@ -7361,6 +7361,9 @@ process_pkt:
 
 			rtl8169_rx_vlan_tag(desc, skb);
 
+			if (skb->pkt_type == PACKET_MULTICAST)
+				dev->stats.multicast++;
+
 			napi_gro_receive(&tp->napi, skb);
 
 			u64_stats_update_begin(&tp->rx_stats.syncp);
diff -rup '--exclude=*.mod.c' '--exclude=*.map' '--exclude=*.S' '--exclude=config_data.h' '--exclude=zoffset.h' '--exclude=vmlinux.lds' '--exclude=vdso32.lds' '--exclude=vdso.lds' '--exclude=realmode.lds' '--exclude=randomize_layout_hash.h' '--exclude=utsrelease.h' '--exclude=randomize_layout_seed.h' '--exclude=.version' '--exclude=asm-offsets.h' '--exclude=asm-offsets.s' '--exclude=auto.conf' '--exclude=auto.cmd' '--exclude=auto.conf.cmd' '--exclude=autoconf.h' '--exclude=compile.h' '--exclude=kernel.release' '--exclude=tristate.conf' -- linux-4.2.6-hardened/fs/binfmt_elf.c linux-4.2.6-hardened-r1/fs/binfmt_elf.c
--- linux-4.2.6-hardened/fs/binfmt_elf.c	2015-11-12 05:34:49.714109923 +0100
+++ linux-4.2.6-hardened-r1/fs/binfmt_elf.c	2015-11-14 04:35:07.173926314 +0100
@@ -1127,16 +1127,16 @@ static int load_elf_binary(struct linux_
 			 */
 			would_dump(bprm, interpreter);
 
-			retval = kernel_read(interpreter, 0, bprm->buf,
-					     BINPRM_BUF_SIZE);
-			if (retval != BINPRM_BUF_SIZE) {
+			/* Get the exec headers */
+			retval = kernel_read(interpreter, 0,
+					     (void *)&loc->interp_elf_ex,
+					     sizeof(loc->interp_elf_ex));
+			if (retval != sizeof(loc->interp_elf_ex)) {
 				if (retval >= 0)
 					retval = -EIO;
 				goto out_free_dentry;
 			}
 
-			/* Get the exec headers */
-			loc->interp_elf_ex = *((struct elfhdr *)bprm->buf);
 			break;
 		}
 		elf_ppnt++;
diff -rup '--exclude=*.mod.c' '--exclude=*.map' '--exclude=*.S' '--exclude=config_data.h' '--exclude=zoffset.h' '--exclude=vmlinux.lds' '--exclude=vdso32.lds' '--exclude=vdso.lds' '--exclude=realmode.lds' '--exclude=randomize_layout_hash.h' '--exclude=utsrelease.h' '--exclude=randomize_layout_seed.h' '--exclude=.version' '--exclude=asm-offsets.h' '--exclude=asm-offsets.s' '--exclude=auto.conf' '--exclude=auto.cmd' '--exclude=auto.conf.cmd' '--exclude=autoconf.h' '--exclude=compile.h' '--exclude=kernel.release' '--exclude=tristate.conf' -- linux-4.2.6-hardened/fs/btrfs/inode.c linux-4.2.6-hardened-r1/fs/btrfs/inode.c
--- linux-4.2.6-hardened/fs/btrfs/inode.c	2015-11-12 05:34:49.727443183 +0100
+++ linux-4.2.6-hardened-r1/fs/btrfs/inode.c	2015-11-14 04:34:58.060642989 +0100
@@ -5632,7 +5632,6 @@ static int btrfs_real_readdir(struct fil
 	char *name_ptr;
 	int name_len;
 	int is_curr = 0;	/* ctx->pos points to the current index? */
-	bool emitted;
 
 	/* FIXME, use a real flag for deciding about the key type */
 	if (root->fs_info->tree_root == root)
@@ -5661,7 +5660,6 @@ static int btrfs_real_readdir(struct fil
 	if (ret < 0)
 		goto err;
 
-	emitted = false;
 	while (1) {
 		leaf = path->nodes[0];
 		slot = path->slots[0];
@@ -5741,7 +5739,6 @@ skip:
 
 			if (over)
 				goto nopos;
-			emitted = true;
 			di_len = btrfs_dir_name_len(leaf, di) +
 				 btrfs_dir_data_len(leaf, di) + sizeof(*di);
 			di_cur += di_len;
@@ -5759,15 +5756,6 @@ next:
 			goto nopos;
 	}
 
-	/*
-	 * If we haven't emitted any dir entry, we must not touch ctx->pos as
-	 * it was was set to the termination value in previous call. We assume
-	 * that "." and ".." were emitted if we reach this point and set the
-	 * termination value as well for an empty directory.
-	 */
-	if (ctx->pos > 2 && !emitted)
-		goto nopos;
-
 	/* Reached end of directory/root. Bump pos past the last item. */
 	ctx->pos++;
 
diff -rup '--exclude=*.mod.c' '--exclude=*.map' '--exclude=*.S' '--exclude=config_data.h' '--exclude=zoffset.h' '--exclude=vmlinux.lds' '--exclude=vdso32.lds' '--exclude=vdso.lds' '--exclude=realmode.lds' '--exclude=randomize_layout_hash.h' '--exclude=utsrelease.h' '--exclude=randomize_layout_seed.h' '--exclude=.version' '--exclude=asm-offsets.h' '--exclude=asm-offsets.s' '--exclude=auto.conf' '--exclude=auto.cmd' '--exclude=auto.conf.cmd' '--exclude=autoconf.h' '--exclude=compile.h' '--exclude=kernel.release' '--exclude=tristate.conf' -- linux-4.2.6-hardened/fs/debugfs/inode.c linux-4.2.6-hardened-r1/fs/debugfs/inode.c
--- linux-4.2.6-hardened/fs/debugfs/inode.c	2015-11-12 05:34:49.767442963 +0100
+++ linux-4.2.6-hardened-r1/fs/debugfs/inode.c	2015-11-14 04:35:07.220592724 +0100
@@ -271,8 +271,12 @@ static struct dentry *start_creating(con
 		dput(dentry);
 		dentry = ERR_PTR(-EEXIST);
 	}
-	if (IS_ERR(dentry))
+
+	if (IS_ERR(dentry)) {
 		mutex_unlock(&d_inode(parent)->i_mutex);
+		simple_release_fs(&debugfs_mount, &debugfs_mount_count);
+	}
+
 	return dentry;
 }
 
diff -rup '--exclude=*.mod.c' '--exclude=*.map' '--exclude=*.S' '--exclude=config_data.h' '--exclude=zoffset.h' '--exclude=vmlinux.lds' '--exclude=vdso32.lds' '--exclude=vdso.lds' '--exclude=realmode.lds' '--exclude=randomize_layout_hash.h' '--exclude=utsrelease.h' '--exclude=randomize_layout_seed.h' '--exclude=.version' '--exclude=asm-offsets.h' '--exclude=asm-offsets.s' '--exclude=auto.conf' '--exclude=auto.cmd' '--exclude=auto.conf.cmd' '--exclude=autoconf.h' '--exclude=compile.h' '--exclude=kernel.release' '--exclude=tristate.conf' -- linux-4.2.6-hardened/Makefile linux-4.2.6-hardened-r1/Makefile
--- linux-4.2.6-hardened/Makefile	2015-11-12 05:34:57.370734574 +0100
+++ linux-4.2.6-hardened-r1/Makefile	2015-11-14 04:35:14.963883567 +0100
@@ -1,7 +1,7 @@
 VERSION = 4
 PATCHLEVEL = 2
 SUBLEVEL = 6
-EXTRAVERSION = -hardened
+EXTRAVERSION = -hardened-r1
 NAME = Hurr durr I'ma sheep
 
 # *DOCUMENTATION*
diff -rup '--exclude=*.mod.c' '--exclude=*.map' '--exclude=*.S' '--exclude=config_data.h' '--exclude=zoffset.h' '--exclude=vmlinux.lds' '--exclude=vdso32.lds' '--exclude=vdso.lds' '--exclude=realmode.lds' '--exclude=randomize_layout_hash.h' '--exclude=utsrelease.h' '--exclude=randomize_layout_seed.h' '--exclude=.version' '--exclude=asm-offsets.h' '--exclude=asm-offsets.s' '--exclude=auto.conf' '--exclude=auto.cmd' '--exclude=auto.conf.cmd' '--exclude=autoconf.h' '--exclude=compile.h' '--exclude=kernel.release' '--exclude=tristate.conf' -- linux-4.2.6-hardened/net/ipv4/netfilter/nf_nat_pptp.c linux-4.2.6-hardened-r1/net/ipv4/netfilter/nf_nat_pptp.c
--- linux-4.2.6-hardened/net/ipv4/netfilter/nf_nat_pptp.c	2015-08-30 20:34:09.000000000 +0200
+++ linux-4.2.6-hardened-r1/net/ipv4/netfilter/nf_nat_pptp.c	2015-11-14 04:35:08.097254580 +0100
@@ -45,7 +45,7 @@ static void pptp_nat_expected(struct nf_
 	struct net *net = nf_ct_net(ct);
 	const struct nf_conn *master = ct->master;
 	struct nf_conntrack_expect *other_exp;
-	struct nf_conntrack_tuple t;
+	struct nf_conntrack_tuple t = {};
 	const struct nf_ct_pptp_master *ct_pptp_info;
 	const struct nf_nat_pptp *nat_pptp_info;
 	struct nf_nat_range range;
